Remove signature check
All checks were successful
ci/woodpecker/tag/woodpecker Pipeline was successful

SebClem 2023-07-07 15:06:57 +02:00
parent ac43fa1572
commit 81019dc330
Signed by: sebclem
GPG Key ID: 5A4308F6A359EA50
2 changed files with 1 additions and 53 deletions


@ -22,8 +22,6 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o /woodpecker-config-service
# the application is going to listen on by default. # the application is going to listen on by default.
# https://docs.docker.com/engine/reference/builder/#expose # https://docs.docker.com/engine/reference/builder/#expose
EXPOSE 8000 EXPOSE 8000
VOLUME [ "/data/woodpecker.pub" ]
ENV CONFIG_SERVICE_PUBLIC_KEY_FILE=/data/woodpecker.pub
# Run # Run
CMD ["/woodpecker-config-service"] CMD ["/woodpecker-config-service"]

52
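--- a/main.go
+++ b/main.go
@@ -1,18 +1,12 @@
 package main
 import (
-"crypto/ed25519"
-"crypto/x509"
-_ "embed"
 "encoding/json"
-"encoding/pem"
 "io/ioutil"
 "log"
 "net/http"
-"os"
 "strings"
-"github.com/go-ap/httpsig"
 "github.com/woodpecker-ci/woodpecker/server/model"
 "gopkg.in/yaml.v3"
 )
@@ -35,56 +29,12 @@ type pipeline struct {
 func main() {
 log.Println("Woodpecker central config server")
-pubKeyPath := os.Getenv("CONFIG_SERVICE_PUBLIC_KEY_FILE") // Key in format of the one fetched from http(s)://your-woodpecker-server/api/signature/public-key
-if pubKeyPath == "" {
-log.Fatal("Please make sure CONFIG_SERVICE_PUBLIC_KEY_FILE is set properly")
-}
-pubKeyRaw, err := ioutil.ReadFile(pubKeyPath)
-if err != nil {
-log.Fatal("Failed to read public key file")
-}
-pemblock, _ := pem.Decode(pubKeyRaw)
-b, err := x509.ParsePKIXPublicKey(pemblock.Bytes)
-if err != nil {
-log.Fatal("Failed to parse public key file ", err)
-}
-pubKey, ok := b.(ed25519.PublicKey)
-if !ok {
-log.Fatal("Failed to parse public key file")
-}
 http.HandleFunc("/ciconfig", func(w http.ResponseWriter, r *http.Request) {
 if r.Method != http.MethodPost {
 w.WriteHeader(http.StatusMethodNotAllowed)
 return
 }
-// check signature
-pubKeyID := "woodpecker-ci-plugins"
-keystore := httpsig.NewMemoryKeyStore()
-keystore.SetKey(pubKeyID, pubKey)
-verifier := httpsig.NewVerifier(keystore)
-verifier.SetRequiredHeaders([]string{"(request-target)", "date"})
-keyID, err := verifier.Verify(r)
-if err != nil {
-log.Printf("config: invalid or missing signature in http.Request")
-http.Error(w, "Invalid or Missing Signature", http.StatusBadRequest)
-return
-}
-if keyID != pubKeyID {
-log.Printf("config: invalid signature in http.Request")
-http.Error(w, "Invalid Signature", http.StatusBadRequest)
-return
-}
 var req incoming
 body, err := ioutil.ReadAll(r.Body)
 if err != nil {
@@ -141,7 +91,7 @@ func main() {
 }
 })
-err = http.ListenAndServe(":8000", nil)
+err := http.ListenAndServe(":8000", nil)
 if err != nil {
 log.Fatalf("Error on listen: %v", err)
 }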
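Review bot: On the new side of main.go the `/ciconfig` handler has no caller authentication left: the `r.Method != http.MethodPost` check is the only gate, so any client that can reach port 8000 gets its POST processed. If dropping verification is deliberate, record the deployment assumption next to the handler, e.g. `// NOTE: requests are not authenticated; expose this port only to the Woodpecker server`, or keep the check optional and enable it when `CONFIG_SERVICE_PUBLIC_KEY_FILE` is set. The unbounded `ioutil.ReadAll(r.Body)` is now reachable without a valid signature as well, so a cap such as `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` (placeholder constant name) before the read would bound memory per request. The handler body continues outside the hunks shown, so what it returns to an unauthenticated caller cannot be assessed from this page.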